Control Flow
Learn how to use if-conditions in your workflows.
Goals
By the end of this tutorial, you will learn how to:
- Reference data from previous actions
- Use the Reshape action to organize data
- Use if-conditions to control the flow of your workflow
- Configure the output schema of a workflow
Prerequisites
- Completed the Quickstart tutorial
- Basic knowledge of JSONPath match syntax
Tutorial
Organize data using the Reshape action
The JSON object returned from the Search URL with VirusTotal action can be quite verbose, for example:
Let’s use the Reshape action along with JSONPath match to extract then organize the data we need for other actions.
Rename the Reshape action to Extract VirusTotal report and configure it’s inputs with the following expressions:
The ACTIONS expression namespace contains all the results from previous actions.
To get the result from a previous action, you call ACTIONS.<action key>.result,
where <action key> is the snake-cased name of the action.
For example, the action key for an action named “Search URL with VirusTotal” is search_url_with_virustotal.
Add list comments action
Add the List VirusTotal comments on URL action to your workflow, then configure it’s inputs with the following expression:
Define an if-condition on list comments
As an analyst, you might want to view comments from the VirusTotal community on a potentially malicious URL. To reduce noise, let’s list these comments only if the URL has been flagged as malicious more than 10 times.
You can do this by adding a Run If condition to the List VirusTotal comments on URL action:
Configure output data
Let’s configure the workflow to return specific output data on completion. Click on the canvas to view workflow settings, then go to the Schema tab.
The ability to normalize a workflow’s output data becomes more important when you start using child workflows.
Next Steps
Check out the next tutorial on Actions Registry to learn how to use, edit, and maintain integrations in your workflows.